2. Collection and storage of personal data and nature and purpose of their use

a) When visiting the website

When you access our website www.rogalla.de, the browser used on your device automatically sends information to the server of our website. This information is stored temporarily in a log file. The following information will be recorded without any action on your part and will be stored until erased by automated means by the provider in accordance with the erasure profile it applies:

the IP address of the requesting computer;

the date and time of access;

the name and URL of the file accessed;

the website from which access was made (referrer URL);

the browser used, its version where necessary the operating system of your computer, as well as the name of the access provider.

We process these data for the following purposes:

to ensure a smooth connection with the website;

to ensure that our website is user-friendly;

to analyse system security and stability; and

for other administrative purposes.

The legal basis for the data processing is point (f) of Art. 6 (1) GDPR. Our legitimate interest in the data collection follows from the purposes listed above. Under no circumstances do we use the collected data to draw inferences about your identity. The recording of the data for the delivery of the website and the storage of the data in log files are absolutely essential for operation of the website. You do not therefore have the option of objecting.

We also use cookies and analysis services when you visit our website. More details on this can be found in sections 4 and 5 of this Data Privacy Statement.

b) When using our contact form

If you have questions of any kind, we offer the option of getting in contact with us using a form provided on the website. This requires completing the fields marked as mandatory on the input screen so that we know who the enquiry came from and can answer it. Other details can be provided voluntarily.

Data processing for the purposes of getting in contact with us is performed in accordance with point (a) of Art. 6 (1), GDPR on the basis of your freely given consent.

The personal data we collect from your use of the contact form will be erased once your enquiry has been dealt with. Depending on the nature and content of the enquiry, however, the data will not be erased before the statutory retention period has expired. Data will be erased at a later date in cases in which we are obliged to store them for longer pursuant to point (c) of Art. 6 (1), GDPR because we have statutory duties of retention and documentation under tax and commercial law (German Commercial Code (HGB) and German Fiscal Code (AO)) or you have expressly consented to a longer storage period in accordance with point (a) of Art. 6 (1), GDPR.

c) When you send us an email

If questions or communications of any kind arise, whether or not in connection with existing or potential contractual relationships with us, we offer the option of getting in contact with us by email.

We will process the email you send us, including the personal data it contains. Data processing for the purposes of getting in contact or any other communication with us is performed in accordance with point (a) of Art. 6 (1), GDPR on the basis of your freely given consent, which you provide by sending your email to us. If your email is in connection with a contract, point (b) of Art. 6 (1), GDPR provides another legal basis for the data processing.

The content of your email, including the personal data we collect from it, will always be erased once your enquiry has been dealt with. Depending on the nature and content of your email, however, the data will not be erased before the statutory retention period has expired. Data will be erased at a later date in cases in which we are obliged to store them for longer pursuant to point (c) of Art. 6 (1), GDPR because we have statutory duties of retention and documentation under tax and commercial law (German Commercial Code (HGB) and German Fiscal Code (AO)) or you have expressly consented to a longer storage period in accordance with point (a) of Art. 6 (1), GDPR.

d) If you become our customer

We need, and will therefore process, the following information from you:

Data will be processed on your enquiry. This is required for the purposes stated in point (b) of Art. 6 (1), GDPR for the reasonable processing of your order/enquiry and for the mutual fulfilment of obligations under the contractual relationship.

The personal data we collect for our business relationship will be stored and then erased as soon as the purpose of storage no longer applies. However, they will not be erased before the statutory retention period has expired. Data will be erased at a later date in cases in which we are obliged to store them for longer pursuant to point (c) of Art. 6 (1), GDPR because we have statutory duties of retention and documentation under tax and commercial law (German Commercial Code (HGB) and German Fiscal Code (AO)) or you have expressly consented to a longer storage period in accordance with point (a) of Art. 6 (1), GDPR.

e) If you become our supplier

We need, and will therefore process, the following information from you:

your title, first name, surname;

a valid email address;

your postal address;

your telephone number (landline and/or mobile);

your fax number;

your tax reference number (especially your VAT ID no.);

your account details.

These data will be processed

so that we can identify you as our supplier;

to guarantee proper contract processing;

for correspondence with you.

Data will be processed for the purposes stated in point (b) of Art. 6 (1), GDPR for the mutual fulfilment of obligations under the contractual relationship.

The personal data we collect for our business relationship will be stored and then erased as soon as the purpose of storage no longer applies. However, they will not be erased before the statutory retention period has expired. Data will be erased at a later date in cases in which we are obliged to store them for longer pursuant to point (c) of Art. 6 (1), GDPR because we have statutory duties of retention and documentation under tax and commercial law (German Commercial Code (HGB) and German Fiscal Code (AO)) or you have expressly consented to a longer storage period in accordance with point (a) of Art. 6 (1), GDPR.

f) If you apply for a job with us

When you apply for a job (online or in paper form), we will collect and process the following personal application data from you:

We will only collect and process your personal application data for the specific purpose of filling positions within our company. Other than this, your application data will not be used for any other purpose or forwarded to third parties.

Data will be processed on your enquiry. This is required for the purposes stated in point (b) of Art. 6 (1), GDPR for the reasonable processing of your application.

Your personal application data will in principle be erased 6 months after the application process has ended. This will not apply if erasure conflicts with statutory provisions, further storage is required for the purposes of keeping evidence or you have expressly consented to a longer storage period.

Should we not be able to offer you a position at present, but your profile give us reason to believe that your application may be of interest for future job opportunities, we will store your personal application data for twelve months if you expressly consent to such storage and use.

3. Forwarding of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only forward your personal data to third parties if

you have given your express consent for us to do so in accordance with point (a) of Art. 6 (1), GDPR;

we have a statutory obligation to forward the data in accordance with point (c) of Art. 6 (1), GDPR;

this is allowed by law and is required for the processing of contractual relationships with you in accordance with point (b) of Art. 6 (1), GDPR;

the recipient is a processor we have commissioned, such as an IT partner or file destroyer or other service provider, where we comply with the statutory requirements for commissioned data processing in the case of such forwarding.

4. Cookies

We use cookies on our website. These are small files that your browser creates automatically and are stored on your device (laptop, tablet, smartphone or the like) when you visit our site. Cookies do not cause any harm to your device and do not contain any viruses, trojans or other harmful software.

When you access our website, you will be informed of the use of cookies for analytical purposes and your permission to process the personal data used in this regard will be obtained. Reference will also be made to this data protection information.

The legal basis for the processing of your personal data in this connection is point (a) of Art. 6 (1), GDPR.

The cookie stores information that is obtained in connection with the specific device used. This does not mean, however, that it enables us to identify you directly.

Cookies are used, firstly, to make browsing through our site more comfortable. We set what are known as session cookies, for instance, to recognise that you have visited individual pages of our website before. These session cookies are deleted automatically once you leave our site.

In addition, we use temporary cookies in order to optimise the user-friendliness of the site. These are stored on your device for a certain defined period of time. If you return to our site and use our services, they will automatically recognise that you had visited us before and what inputs and settings you made so you need not re-enter any of them.

We also install cookies to monitor the navigation on our website statistically and for the purposes of optimising the products and services we offer. These cookies enable us automatically to determine the next time you visit our site that you have been here before. Again, these cookies will be deleted automatically after a defined period of time.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or you are advised each time before a new cookie is created. It is pointed out that if you disable cookies entirely you may not be able to benefit fully from all functions of our website.

5. Analysis tools

Tracking tools

When you access our website, you will be informed of the tracking tools employed by us and permission to process your personal data collected by us will be obtained from you. Reference will also be made to this data privacy information.

The tracking measures listed below and which we use are implemented on the basis of point (a) of Art. 6 (1)), GDPR. Their purpose is to enhance user-friendliness and make continuous improvements to our website. We also employ tracking measures to record the website navigation statistically and to analyse it with the aim of optimising the services and products we offer.

You will find more information on the purposes of data processing and categories in the corresponding tracking tools.

Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc.(https://www.google.com/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), to optimise the user-friendliness and continuously improve our website. It creates pseudonymised user profiles and uses cookies (see section 4) for that purpose. The information generated by cookies on your use of this website, such as

the type/version of your browser;

the operating system used;

the referrer URL (the page just visited);

the host name of the accessing computer (IP address); and

the time of the server request

will be transferred to a Google server in den USA and stored there. The information is used in order to analyse the use of the website, compile reports on the website activities and perform further services associated with the use of the website and the internet for the purposes of market research and to optimise the user-friendliness of these web pages. This information may likewise be transmitted to third parties if this is required by law or if third parties process the data on our behalf. Under no circumstances will your IP address be associated with other Google data. The IP addresses will be anonymised, preventing any attribution (IP masking).

You can prevent cookies from being installed by making the corresponding setting in your browser software. However, we should point out that in this case you may not be able to make full use of all functions of this website.

You can also prevent the recording of the data generated by the cookie and relating to your use of the website (inc. your IP address) and the processing of these data by Google by downloading and installing a browser add-on(https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, particularly in the case of browsers on mobile devices, you can also prevent recording by Google Analytics by clicking on this link[DTS1]. This sets an opt-out cookie that prevents your data being recorded when you visit this website in the future. The opt-out cookie is only valid for this browser and for our website and will be placed in your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

We use etracker analysis services provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. User profiles may be created under a pseudonym from your personal data. Cookies (see section 4) may be used for this purpose. Without the separately given consent of the data subject, the data collected with the etracker technologies will not be used to identify visitors to our website personally. Similarly, without the separately given consent of the data subject the data collected with the etracker technologies will not be associated with personal data concerning the bearer of the pseudonym.

You can object to the collection and storage of your data at any time with effect for the future. To object to the collection and storage of your visitor data for the future, you can click on the following link to obtain an opt-out cookie from etracker which will ensure that no visitor data of your browser will be collected or stored by etracker in the future. http://www.etracker.de/privacy?et=V23Jbb

This sets an etracker opt-out cookie with the name "cntcookie". Please do not delete this cookie if you want to uphold your objection. Further information can be found in the etracker data privacy policy: http://www.etracker.com/datenschutz.html

6. Use of Google Maps

This website uses Google Maps to present interactive maps and generate directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you declare your consent to the recording, processing and use by Google, one of its representatives or third-party providers of the data collected automatically or provided by you.

under Art. 7 (3) GDPR to withdraw at any time the consent you had previously given us. This will mean that we will no longer be allowed to continue the data processing based on that consent in the future, and

under Art. 15 GDPR to demand access to the personal data concerning you that we process. In particular, you can demand information about the purposes of processing, the categories of personal data, the categories of recipient to whom your personal data have been or will be disclosed, the envisaged storage period, the existence of the right to request the rectification or erasure of personal data or the restriction of processing of the personal data or to object to such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making, including profiling, and any meaningful information about their details.

under Art. 16 GDPR to demand the immediate rectification of incorrect personal data concerning you that we store, or the completion of such data if incomplete.

under Art. 17 GDPR to demand the erasure of the personal data concerning you that we store, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

under Art. 18 GDPR to demand the restriction of the processing of your personal data in as far as you contest the accuracy of the personal data, the processing is unlawful, but you oppose their erasure, we no longer need the data, but you require them for the establishment, exercise or defence of legal claims, or you have lodged an objection to processing pursuant to Art. 21 GDPR.

under Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and the right to demand the transmission of those data to another controller.

under Art. 77 GDPR to lodge a complaint with a supervisory authority. Normally you will be able to contact the supervisory authority of your usual place of residence or workplace or of our company.

8. Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right under Art. 21 GDPR to lodge an objection to the processing of your personal data if your particular situation gives grounds for doing so or you are objecting to direct advertising. In the latter case you have a general right to object, which we will respect even if you have not specified any particular situation.

If you wish to exercise your right to withdraw consent or to object, you just need to send an email to info(at)rogalla.de.

9. Data security

The common HTTPS (Hypertext Transfer Protocol Secure) process is used for the encrypted transmission of content between our web server and your browser. Before the data are transmitted, the systems automatically agree on the best possible encryption technology supported by both sides.

This is generally TLS (Transport Layer Security) encryption in versions 1.0 to 1.2. We no longer support the insecure SSLv3 (Secure Socket Layer) protocol.

You can identify whether a particular page of our website is transmitted in encrypted form by the key or padlock symbol in the lower status bar of your browser.

We also implement appropriate technical and organisational security measures to protect your data from accidental or intentional manipulation, partial or total loss, destruction and unauthorised access by third parties. We continually improve our security measures in accordance with technological progress.

10. Updates and changes to this data protection information

This data protection information applies currently and is dated May 2018.

It may be necessary to amend this Data Privacy Statement as we develop our website and products and services or on the basis of changes in statutory or official regulations. You can access the current data protection information from the website at https://www.rogalla.de/en/dataprotection at any time and print it out.